I am trying to implement a user login through a token for clients so they can log in using just a token. This is because we are trying to implement a whitelabel functionality so users from an external DB can access the application without logging in to our app.
Steps that I am aiming for:
- Tenant user creates a user using our app. We provide a token or ID associated with Auth0 for the tenant so it saves it into their DB.
- The client app uses that token provided along with security measures to submit a POST request and retrieve an access token which regular users will use to access our app without going through the regular auth process.
- It is important to handle the refresh token so users are not logged out too soon. In case that happens, users will need to repeat the same process in order to log in again.
How viable is this?